Logstash cannot parse httpdate even pattern is correct

rogerwang · February 12, 2020, 6:39am

Hi,
I was converting the filebeat pipeline to logstash since I need to use the translate filter. everything seems fine except the date filter is giving me the "_dateparsefailure" and it is not able to parse the time correctly.

In order to simplify the question, I use below command to debug:

# echo "09/Feb/2020:07:12:13 +1100" | /usr/share/logstash/bin/logstash -e 'input { stdin {} } filter {date { match => [ "message","dd/MMM/yyyy:HH:mm:ss Z" ] } } output { stdout { codec => rubydebug } }'

As you can see in the result, the time is not parsed:

{
      "@version" => "1",
       "message" => "09/Feb/2020:07:12:13 +1100",
          "tags" => [
        [0] "_dateparsefailure"
    ],
    "@timestamp" => 2020-02-12T06:26:35.593Z,
          "host" => "au1-int-elk03"
}

I don't know why this is happened and how to fix the problem.

grumo35 · February 12, 2020, 8:21am

I dont know, this looks strange, have you tried to strip the "/" maybe this is it ?

rogerwang · February 12, 2020, 11:38am

Finally solve it. It should be logstash compatibility issue with the Java 11 openjdk. Once I downgrade the java version to 1.8.0 and the problem is fixed immediately. Just report here in case someone has the same problem.

system · March 11, 2020, 11:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Log timestamp is not getting through date filter getting date_time_parse_exception Logstash	18	1630	August 13, 2022
Logstash Data parsing error - _dateparsefailure Logstash	3	2846	August 3, 2017
Parsing date format error Logstash	3	761	October 24, 2018
Getting _dateparsefailure Logstash	9	1587	July 19, 2017
_dateparsefailure While parsing string Logstash	3	754	February 22, 2017

Logstash cannot parse httpdate even pattern is correct

Related topics